Техническая информация
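Автозапуск (закрепление в системе): параметр в ключе реестра Run и файлы в общей папке автозагрузки:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WA6GWJWE1E' = '%APPDATA%\Hdoitoswtw.exe'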
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Hdoitoswtw.exe.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Hdoitoswtw.exe
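Параметры политик Проводника Windows, которым записано значение '00000000' (нулевое значение соответствует отключённому ограничению):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoChangeStartMenu' = '00000000'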
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoLogOff' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000000'
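Файлы в профиле пользователя, связанные с образцом (создаёт ли их образец, изменяет или удаляет — в списке не указано):
- %APPDATA%\mp6.txt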
- %APPDATA%\winup00.dat
- %APPDATA%\Hdoitoswtw.exe
- %APPDATA%\date.dat
- %APPDATA%\semtitulo.cur
- %APPDATA%\arrow1.cur
- %APPDATA%\select1.cur
- %APPDATA%\link1.cur
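Те же четыре файла .cur по пути, заданному через %HOMEPATH% (в Windows Vista и новее этот путь обычно совпадает с %APPDATA%; при проверке системы стоит смотреть оба варианта):
- %HOMEPATH%\AppData\Roaming\semtitulo.cur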
- %HOMEPATH%\AppData\Roaming\arrow1.cur
- %HOMEPATH%\AppData\Roaming\select1.cur
- %HOMEPATH%\AppData\Roaming\link1.cur
Сетевая активность — узлы и порт подключения (часть символов в именах доменов скрыта знаками '#'):
- 'me##p.eu':80
- 'me####erecoip.com':80
- 'io##.org.cn':80
Запросы по HTTP (без шифрования):
- http://me##p.eu/
- http://www.me####erecoip.com/ via me####erecoip.com
- http://www.io##.org.cn/libraries/openid/Auth/OpenID/graph.php via io##.org.cn
DNS-запросы (разрешение имён перечисленных выше узлов):
- DNS ASK me##p.eu
- DNS ASK www.me####erecoip.com
- DNS ASK www.io##.org.cn